I'm practicing reverse engineering C object files. Suppose I have an object file of the C program:

#include <stdio.h>
#include <string.h>

int main (int argc, char ** argv) {
  char * input = argv[1];
  int result = strcmp(input, "text_to_compare");
  
  if (result == 0) {
      printf("%s\n", "text matches");
  }
  else {
      printf("%s\n", "text doeesn't match");
  }
  
  return 0;
}

How would I go about finding "text_to_compare" from the object file given it was compiled with a -g flag and an x86-64 architecture?

CodePudding user response：

Running strings on a binary file will all sequences of four or more printable characters in the file. For a simple file this might be sufficient, but for a larger file you can end up with a lot of false positives. For example, compiling your code with gcc and running strings on the resulting binary will return 295 results.

We can start by using the objdump command to disassemble the code in your sample file:

$ objdump --disassemble=main a.out

a.out:     file format elf64-x86-64


Disassembly of section .init:

Disassembly of section .plt:

Disassembly of section .text:

0000000000401136 <main>:
  401136:       55                      push   %rbp
  401137:       48 89 e5                mov    %rsp,%rbp
  40113a:       48 83 ec 20             sub    $0x20,%rsp
  40113e:       89 7d ec                mov